[tbb-bugs] #13005 [Tor Browser]: Please document Tor Browser environment variables

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Sep 6 23:56:25 UTC 2014 

#13005: Please document Tor Browser environment variables
-----------------------------+----------------------
     Reporter:  mttp         |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+----------------------

Comment (by pragmatist):

 Hi I am writing this as a open letter/ request to the TBB team. Can you
 please consider designs like Whonix when adding functionality where Tor is
 run on a different machine than the one TBB is on and ControlPort access
 is prevented?

 Tor's ControlPort has very rich functionality, some of which allows an
 adversary to pull off many dangerous and unwanted actions. Examples are:
 getting Tor to disclose the host's IP address, making Tor use an arbitrary
 relay or bridge, making Tor run as a Hidden service without the user's
 permission. The controlport filter mechanism that is being used by whonix
 and TAILS is not a great workaround because a skilled enough attacker
 (think NSA) probably has the 0days and knowledge to make bash or python do
 something unexpected when parsing malicious input. Ideally we would prefer
 simply not to allow any access to the ControlPort as  the adversary cannot
 exploit what is not there.

 The environment variable list is a good thing because it disables false
 positive warnings that Torbutton will issue otherwise when it isn't able
 to communicate with the controlport. Please consider not making any hard
 dependencies on ControlPort in your future development direction.

 From what Roger said, the "get clockskew info" request is probably going
 to be implemented so that some controller running next to tor that learns
 the answer to stuff, and exports it somehow to the vm that has tor browser
 in. Sort of like the current ControlPort Filter idea but the other way
 around. this is good as long as nothing malicious like the actions
 described above are possible.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13005#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list